virus logo Threat Signal Report

Palo Alto Expedition Missing Authentication Vulnerability

What is the Vulnerability?

CISA has added CVE-2024-5910, a missing authentication vulnerability in Palo Alto Networks Expedition to its known exploited vulnerability (KEV) list. Expedition is a migration tool aiding in configuration migration, tuning, and enrichment from one of the supported vendors to Palo Alto Networks. Successful exploitation of CVE-2024-5910 can lead to an admin account takeover. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

What is the recommended Mitigation?

Palo Alto Networks has released security updates to address the vulnerability. This issue is fixed in Expedition 1.2.92 and all later versions. https://security.paloaltonetworks.com/CVE-2024-5910

What is FortiGuard Coverage?

  • FortiGuard recommends users to apply the fix provided by the vendor and follow any mitigation steps provided.

  • FortiGuard IPS protection is available, and Fortinet customers remain protected through it.
    Intrusion Prevention | FortiGuard Labs

  • The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

description-logoOutbreak Alert

FortiGuard sensors continue to detect and block attack attempts targeting the Palo Alto Expedition vulnerabilities that could allow attackers to take over administrative accounts, putting configuration secrets, credentials, and other imported data within Expedition at serious risk.

View the full Outbreak Alert Report

Additional Resources

CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover
Intrusion Prevention | FortiGuard Labs


Released Date Nov 08, 2024
Tags Palo Alto Expedition Vulnerability Threat Signal Vulnerability
CVE ID

Experienced a Breach? We're here to help

FortiGuard Incident Response Services
FortiGuard Incident Response Services
Outbreak Alert Outbreak Alert
About FortiGuard Threat Signal

Learn More »